On Sun, 2005-01-02 at 01:11 -0500, Gene Heskett wrote:
> And, being root seems to suit me. I have enough firewall and natting
> between here and the dsl modem that I could give you its address and
> you couldn't find it with satan or nmap. 3 ethernet cards with
> iptables bolted down pretty tightly between two of them in the
> firewall box, an 8 port switch for the local net on this side of the
> firewall, a linksys router doing the natting in gateway mode on the
> other side of the firewall have pretty well protected me. Only two
> crack attempts made it as far as the log on the firewall box in the
> last 20 months, and both attempts actually came from one of my
> assigned verizon dns servers. And were shut down by portsentry on
> the first syn packet.
---
This comes off as a challenge - not a smart thing.

First off, your public IP address is in the headers.

Second thing is, why motivate someone to attempt to get into your system?

Third thing is, running web browsers and other X applications will execute off-site scripts with root privileges (java/javascript/rle embedded in images, etc.) which you have no chance to review - no amount of firewall or NAT affects this.

The dark and dirty secret of Windows is that if you run with Administrator privileges, no amount of Microsoft updates will secure you. Linux isn't all that different.

Moreover, most people call inbound packet filtering the same as a firewall when in reality, it isn't close to a firewall. A firewall will inspect all traffic inbound and outbound for suitability, review and logging. What we call firewalls is nat/masquerade which lets all activity out to the public internet without any regard to its purpose - not a firewall.

You're bold with your belief in your security - not sure it's warranted.

Craig